Recognizing Phishing Scams

young woman on cell phone hand gesturing

Avoid getting caught in phishing scams.

Phishing is when a scammer tries to get you to share sensitive personal information — such as your Social Security number, passwords, and account numbers — via email, text (aka smishing), or phone call (aka vishing). These communications may appear to be from an actual company, financial institution, or government agency, but they’re not legit at all. The real companies would never contact you to ask for this personal information

These scammers are trying to steal your identity and do other criminal things like gain access to your accounts. Becoming aware of their tricks and tactics can help you avoid financial headaches.


Common scams

Fraudsters use many ruses, and the scenarios they use evolve constantly as people catch on to them. Most of us know by now that any email we get from a Nigerian prince is a scam, but there are thousands of others that are not quite that well-known. Here are just a few that perpetually make the rounds.

Email phishing

  • You get an email claiming that your account has been compromised, and you need to click here to change your password. (This gives the scammer instant access. They can then change your password and lock you out of your own account.)
  • An email says that there’s an issue delivering your package, and you have to pay extra for delivery. Just enter your credit card info here. (Again, instant access.)

Smishing

  • You get a text saying that you won a prize, and you just need to supply your direct deposit info to claim the money.
  • A text claims that you’ve been overcharged for a service, and the company wants to send you a refund. All you have to do is give them your direct deposit information so they can credit your account.

Vishing

  • You receive a call from someone claiming to be from the IRS saying that you owe back taxes. The caller asks you to confirm your Social Security number.
  • The professional-sounding voice on the phone tells you that your Social Security number is suspended, but they can take care of that for you. All you need to do is give them some personal information to reactivate it.

There really is no limit to the creative scenarios that criminals come up with to try to trick you into handing over your personal information.


Sure signs of a scam

While there are an endless number of scams, they generally have some things in common. One main similarity is that they try to panic you into responding. (Phishing scams are only effective if they can get you to take some kind of action!)

They may pressure you to click on a link by saying that the offer expires in 24 hours, or that you only have until midnight to claim the prize or refund. If they’re phishing over the phone, the caller may threaten you with arrest or deportation if you don’t give them the information they ask for.

If someone calls you out of the blue and asks for personal information, it’s a scam. (Hang up right away. Don’t give them any information!) But email and text scams can be a little trickier to spot. Here are some ways to identify phishing in your inbox:

  • The sender’s email address is similar to the legit company email, but slightly off, such as fedexx.com instead of fedex.com.
  • The email or text contains poor spelling, bad grammar, and/or low-resolution logos.
  • The message contains an attachment, but you weren’t expecting the message or attachment.
  • When you hover over a link, the URL doesn’t match where you expected the link would go. For example, the text says Verizon Customer Service, but when you hover over it, the URL that displays is www.ferretpop.com. (Yeah, don’t click on that!)

If after all this, you’re still not sure (some of these phishing attempts look soooooo legit and maybe you do have an account with that company), use your browser to go directly to the company’s website to log in and check the status of your accounts. (Never click on the links in the email!)


So, in short…

Take a breath and think. Don’t panic. Never share key personal information. (We’re talking about your birthdate, Social Security number, credit card numbers and expiration dates, and so on.) Be suspicious of any email asking for your credit or debit card number and/or PIN. (Financial institutions will not do this!) Never click on links in emails that you weren’t expecting. If you slow down and pay attention, you’ll see the signs that point to phishing scams.